Title

Author

Date of Award

Spring 5-2016

Embargo Period

5-2-2019

Degree Type

Dissertation

Degree Name

Doctor of Philosophy (PhD)

Department

Chemical Engineering

Advisor(s)

Erik Ydstie

Abstract

Formal verification has previously been applied to chemical plant control and automation systems to ensure that they operate as intended. This dissertation examines the related objective of proving that a particular control system does not operate as intended. To this end, we present a set of specifications that address certain aspects of the correct operation of a general control system. Some of those specifications, which relate to invariance and reachability of states that satisfy given logical constraints, do not fall within the classes of specifications that have been addressed in previous work related to the falsification of hybrid systems. For a specification from this class, a sound falsification algorithm is presented which can guarantee that a hybrid system does not meet the specification. The algorithm involves abstraction, as a finite-state discrete system, of the infinite-state hybrid dynamical system that arises when discrete control is applied to a continuous process. The falsification result relies on new results that we present which concern the supervisory control of discrete event systems subject to specifications that involve multiple reachability requirements. The methods we present are applied to two industrial case studies, which were provided by The Dow Chemical Company. We also present two software tools which apply the methods that we have developed. The first tool, SynthSMV, is an extension of the model checking solver NuSMV that can solve some supervisory control problems. NuSMV was chosen as the basis for our work in falsification because previous work has shown that its symbolic model checking algorithms can handle models of industrial-scale control systems in the context of verification. The second tool, st2smv, translates industrial control code to a formal model that can be solved using SynthSMV. The approach is similar to what has been done in previous work that focused on model checking and verification, with some extensions to enable the application of our work concerning supervisory control and falsification.